Generating the required AWS credentials - AWS Elastic Disaster Recovery

Generating the required AWS credentials

To install the AWS Replication Agent, you must first generate the required AWS credentials. You can create temporary credentials with AWS STS.

Important

Temporary credentials have many advantages. You do not need to rotate them or revoke them when they are no longer needed, and they cannot be reused after they expire. You can specify for how long the credentials are valid, up to a maximum limit. Because they provide enhanced security, temporary credentials are considered best practice and are the recommended option. For more information, see IAM security best practices.

Temporary credentials

Before you install the AWS Replication Agent, you need to generate temporary AWS security credentials. The temporary credentials provided by AWS Elastic Disaster Recovery use a mechanism similar to the one used by IAM Roles Anywhere.

To create temporary credentials, take the following steps:

  1. Create a new IAM Role with the AWSElasticDisasterRecoveryAgentInstallationPolicy policy.

  2. Request temporary security credentials via AWS STS using the AssumeRole API.

Learn more about how temporary credentials work.
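The two steps above as an added Python example using boto3-style clients (not code from the AWS documentation). The function names, the session name `drs-agent-install`, the ARN form of the managed policy, and the one-hour `MAX_SESSION` (IAM's default role maximum) are assumptions of this example.

```python
import json
from datetime import datetime, timezone

# ARN form of the AWS managed policy named in step 1 (assumed standard path).
POLICY_ARN = "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryAgentInstallationPolicy"
MIN_SESSION = 900    # shortest session STS AssumeRole accepts, in seconds
MAX_SESSION = 3600   # default maximum session duration of an IAM role


def trust_policy(principal_arn):
    """Trust policy that lets exactly one named IAM principal assume the role."""
    if "*" in principal_arn:
        raise ValueError("a wildcard principal would let any AWS principal assume the role")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
        }],
    }


def create_installation_role(iam, role_name, principal_arn):
    """Step 1: create the role and attach the agent installation policy."""
    role = iam.create_role(
        RoleName=role_name,
        AssumeRolePolicyDocument=json.dumps(trust_policy(principal_arn)),
        MaxSessionDuration=MAX_SESSION,
    )
    iam.attach_role_policy(RoleName=role_name, PolicyArn=POLICY_ARN)
    return role["Role"]["Arn"]


def request_credentials(sts, role_arn, duration=MIN_SESSION):
    """Step 2: call AssumeRole for a short, explicitly bounded session."""
    if not MIN_SESSION <= duration <= MAX_SESSION:
        raise ValueError(f"duration must be {MIN_SESSION}-{MAX_SESSION} seconds")
    resp = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName="drs-agent-install",  # hypothetical name; recorded in CloudTrail
        DurationSeconds=duration,
    )
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration


def seconds_left(creds, now=None):
    """Seconds until the credentials expire; 0 means they can no longer be used."""
    now = now or datetime.now(timezone.utc)
    return max(0, int((creds["Expiration"] - now).total_seconds()))
```

Pass `boto3.client("iam")` and `boto3.client("sts")` as the `iam` and `sts` arguments. The caller needs permission to create roles for step 1 and must be the principal named in the trust policy for step 2.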

Note

You can also create the default IAM role with the required permissions as an instance profile, as described in Instance profile role installation.